﻿using System;
using System.Collections.Generic;
using System.Web;
using System.Web.UI;
using System.Web.Security;
using System.IO;
using System.Text.RegularExpressions;
using CMS.Helper;

/// <summary>
/// *========================
///  安全功能助手类
///  V1.1.100429 (CMS7)
///  by eXplorer
/// *========================
/// </summary>
namespace CMS.Helper
{
    public sealed class SecurityHelper
    {
        public SecurityHelper()
        {
            //
            //TODO: 在此处添加构造函数逻辑
            //
        }

        /// <summary>
        /// Hash算法类型
        /// </summary>
        public enum HashMode
        {
            MD5_16, MD5_32, SHA1
        }

        /// <summary>
        /// Hash计算函数
        /// </summary>
        /// <param name="Str">待处理字符串</param>
        /// <param name="Mode">HASH算法</param>
        /// <returns>处理后的字符串</returns>
        public static string Hasher(string Str, HashMode Mode)
        {
            if (Mode == HashMode.MD5_16)
            {
                Str = FormsAuthentication.HashPasswordForStoringInConfigFile(Str, "MD5").ToLower().Substring(8, 16);
            }
            else if (Mode == HashMode.MD5_32)
            {
                Str = FormsAuthentication.HashPasswordForStoringInConfigFile(Str, "MD5").ToLower();
            }
            else if (Mode == HashMode.SHA1)
            {
                Str = FormsAuthentication.HashPasswordForStoringInConfigFile(Str, "SHA1").ToLower();
            }
            return Str;
        }

        /// <summary>
        /// HTML及脚本过滤器
        /// </summary>
        /// <param name="StrText">待处理字符串</param>
        /// <returns>处理后的字符串</returns>
        public static string HtmlFilter(string StrText)
        {
            if (!string.IsNullOrEmpty(StrText))
            {
                //过滤脚本
                StrText = Regex.Replace(StrText, "<script[^>]*?>.*?</script>", "", RegexOptions.IgnoreCase);
                //过滤HTML
                StrText = Regex.Replace(StrText, "<(.[^>]*)>", "", RegexOptions.IgnoreCase);
                StrText = Regex.Replace(StrText, "([\\r\\n])[\\s]+", "", RegexOptions.IgnoreCase);
                StrText = Regex.Replace(StrText, "<!--.*?-->", "", RegexOptions.IgnoreCase);
                StrText = Regex.Replace(StrText, "&(nbsp|#160);", " ", RegexOptions.IgnoreCase);
                StrText.Replace("<", "");
                StrText.Replace(">", "");
                StrText.Replace("'", "‘");
                StrText.Replace("\\r\\n", "");
                StrText.Replace("" + (char)13 + "" + "" + (char)10 + "", "");
                StrText = HttpContext.Current.Server.HtmlEncode(StrText).Trim();
                return StrText;
            }
            else
            {
                return "";
            }
        }

        /// <summary>
        /// 文件名过滤器
        /// </summary>
        /// <param name="strFileName">待处理文件名</param>
        /// <returns>处理后字符串</returns>
        public static string FileNameFilter(string strFileName)
        {
            if (!string.IsNullOrEmpty(strFileName))
            {
                strFileName.Replace("<", "");
                strFileName.Replace(">", "");
                strFileName.Replace("\\", "");
                strFileName.Replace("/", "");
                strFileName.Replace(":", "");
                strFileName.Replace("*", "");
                strFileName.Replace("?", "");
                strFileName.Replace("|", "");
                strFileName.Replace("\"", "");
                return strFileName;
            }
            else
            {
                return "";
            }
        }

        /// <summary>
        /// 输入字符过滤器
        /// </summary>
        /// <param name="InputStr">输入字符串</param>
        /// <returns>处理后字符串</returns>
        public static string InputFilter(string InputStr)
        {
            if (!string.IsNullOrEmpty(InputStr))
            {
                InputStr = InputStr.Trim().Replace("'", "");
                return InputStr; 
            }
            else
            {
                return "";
            }
        }

        /// <summary>
        /// 页面防刷新
        /// </summary>
        /// <param name="BanSecond">封禁时间</param>
        public static void PreventRefresh(int BanSecond)
        {
            int RefreshTime = BanSecond;
            int isRefresh = 1;
            if (isRefresh == 1)
            {
                if ((HttpContext.Current.Session["RefreshTime"] != null) & RefreshTime > 0)
                {
                    if (CommonFunctions.DateDiff(CommonFunctions.DateInterval.Second, Convert.ToDateTime(HttpContext.Current.Session["RefreshTime"]), DateTime.Now) < RefreshTime)
                    {
                        HttpContext.Current.Response.Write("<META http-equiv=\"Content-Type\" Content=\"text/html\" /><meta HTTP-EQUIV=REFRESH CONTENT=" + RefreshTime + " /><p>页面正在转向......</p>");
                        HttpContext.Current.Response.End();
                    }
                    else
                    {
                        HttpContext.Current.Session["RefreshTime"] = DateTime.Now;
                    }
                }
                else
                {
                    HttpContext.Current.Session["RefreshTime"] = DateTime.Now;
                }
            }
        }
    }
}